package/refpolicy: allow packages to provide their own SELinux modules

Allow packages to have an 'selinux' subfolder containing SELinux modules
(sources) to be synced and compiled within the refpolicy, if the package
is selected.

Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

diff --git a/package/pkg-generic.mk b/package/pkg-generic.mk
index 7b6a08b016ae16a332f6ed29dd4b1c08800ffd87..54de03da03af5bd3d1165ed7e33343530ee98700 100644 (file)
--- a/package/pkg-generic.mk
+++ b/package/pkg-generic.mk
@@ -1092,6 +1092,8 @@ KEEP_PYTHON_PY_FILES += $$($(2)_KEEP_PY_FILES)
 ifneq ($$($(2)_SELINUX_MODULES),)
 PACKAGES_SELINUX_MODULES += $$($(2)_SELINUX_MODULES)
 endif
+PACKAGES_SELINUX_EXTRA_MODULES_DIRS += \
+       $$(if $$(wildcard $$($(2)_PKGDIR)/selinux),$$($(2)_PKGDIR)/selinux)
 
 ifeq ($$($(2)_SITE_METHOD),svn)
 DL_TOOLS_DEPENDENCIES += svn

diff --git a/package/refpolicy/refpolicy.mk b/package/refpolicy/refpolicy.mk
index 7e469e8cdc8a26d2ba3cbcd1295abdc2cd1cb73d..dc038001bd1db65dd7ca97b8516c600524664a69 100644 (file)
--- a/package/refpolicy/refpolicy.mk
+++ b/package/refpolicy/refpolicy.mk
@@ -41,7 +41,9 @@ ifeq ($(BR2_PACKAGE_REFPOLICY_UPSTREAM_VERSION),y)
 
 # Allow to provide out-of-tree SELinux modules in addition to the ones
 # in the refpolicy.
-REFPOLICY_EXTRA_MODULES_DIRS = $(call qstrip,$(BR2_REFPOLICY_EXTRA_MODULES_DIRS))
+REFPOLICY_EXTRA_MODULES_DIRS = \
+       $(call qstrip,$(BR2_REFPOLICY_EXTRA_MODULES_DIRS)) \
+       $(PACKAGES_SELINUX_EXTRA_MODULES_DIRS)
 $(foreach dir,$(REFPOLICY_EXTRA_MODULES_DIRS),\
        $(if $(wildcard $(dir)),,\
                $(error BR2_REFPOLICY_EXTRA_MODULES_DIRS contains nonexistent directory $(dir))))